In April, the FBI issued a press release warning of the dangers of Teleconference hacking during the Coronavirus Pandemic. This type of compromise has been coined as “Zoom-bombing”. This occurs when unauthorized parties access private conferencing services to disrupt meetings. Sometimes this is done my using pornographic images or hate speech. It may also be done in order to collect sensitive corporate information. Hackers may not just target Zoom users however. All teleconferencing services are susceptible including Zoom, Bluejeans, Microsoft Teams, GoToMeeting, etc. With more and more employees working remotely, this type of problem is not going away any time soon.
Here are some of the FBI’s recommended teleconferencing best practices:
- Do not make the meetings or classroom public.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screen sharing options in Zoom, change screen sharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications.
The FBI also suggests that if you were a victim of a teleconference hacking to report it to the FBI’s Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, please report it at tips.fbi.gov.”
The Alternative Problem No One is Addressing
Not all problems have a “one size fits all” solution. The FBI’s warnings are completely relevant and their suggestions valid. But what if the “bad actor” is not an outside force such as a hacker or scammer? What if your own employee or contractor created a second account using an alias to post defamatory comments during a meeting? What if their relative or roommate accessed their computer? In these cases, would you really want to involve the FBI and be subject to a long, drawn out investigation? Or would you rather investigate the matter further internally to gain a clearer picture to better determine course of action? In an investigation, information is everything. That’s where we come in.
How We Can Help Navigate
Almost all of the corporate teleconferencing services offer information logs to include: IP addresses, user aliases, time/date, and even device fingerprinting. Our Investigators at MI:33 can utilize this information to help identify these transgressors, so they can be questioned internally. If you think that only people outside of your organization could be responsible for this type of disruption, you would be severely mistaken. More times than not an inside actor plays a role, many times the primary one, in disruption, data theft or compromise of services.
Can we say with certainty that this one individual is behind a specific IP address? Simple answer is, no. IP address data can change frequently. In truth, the only way to verify the owner of an IP with 100% accuracy is to request that information directly from the ISP by way of a LE request or subpoena. What we can do is provide you or your client with a clearer view of the perpetrator(s), so you can better advise next steps.
We have conducted this type of investigation numerous times for various clients during the COVID-19 shutdown with good success. In many of these cases the employee or contractor we identified admitted to the misdeed after being confronted by legal or HR. Our job is done and the rest is up to you.
If you need clarity, call MI:33. We’re here to help.